Current wireless local area network (WLAN) systems use at least seven message round trips between a user station (STA) and a new access point (AP) to establish communications during roaming. Without utilizing a preauthentication or the like mechanism, the message cost may be even greater, as any authentication scheme secure in a system compliant with an Institute of Electrical and Electronics Engineers (IEEEE) 802.11 environment results in at least two more round trips within an IEEE 802.11 architecture. Insecure operation today already uses the first five messages. Since insecure roaming is perceived as too expensive, adding the final ten or more messages without optimizing the first five messages is unlikely to improve system performance.
Furthermore, in the current IEEE 802.11 architecture such as IEEE 802.11a or IEEE 802.11b, the access point gets no indication of a rogue user station until the eleventh message of the exchange, and an authorized user station does not detect a rogue access point until the twelfth message in the sequence, so that an attacker may be able to spoof all prior messages. Both the user station and the access point invest a large amount of resources, typically 20 or more milliseconds, before it is possible to detect an active attack. Additional performance degradations may occur, for example an attacker may purposely use the sequence to discourage use of the channel.
It will be appreciated that for simplicity and clarity of illustration, elements illustrated in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements are exaggerated relative to other elements for clarity. Further, where considered appropriate, reference numerals have been repeated among the figures to indicate corresponding or analogous elements.